Preventing HTML form tampering
                                 http://advosys.ca/tips/form−tampering.html
               ...
Form Tampering
Form Tampering
Form Tampering
Form Tampering
Form Tampering
Form Tampering
Form Tampering
Form Tampering
Upcoming SlideShare
Loading in …5
×

Form Tampering

1,976 views

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,976
On SlideShare
0
From Embeds
0
Number of Embeds
16
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Form Tampering

  1. 1. Preventing HTML form tampering http://advosys.ca/tips/form−tampering.html Aug 07 2001 Introduction All web applications rely on HTML forms to receive input from the user. However, HTML forms have one large weakness: users can save the form to a file, edit it, then use the edited version to submit data back to the server. This security problem is made worse by the stateless nature of web apps. HTTP transactions are connectionless, one−time transmissions. To lead a user through a series of input forms requires storing information about where they've been before. Most developers choose to store this state information in the user's browser, and have it sent back with each transaction. State information can be stored in a browser three ways: • Browser cookies • Special tags in the URL • HTML form hidden fields There are advantages and d

×